From 96f98cb09137cc4a2a074c2c9cac3fd6eed50677 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 11 Mar 2013 14:14:28 +0400 Subject: [PATCH] escape fetch error message before saving in the db (closes #550) --- include/rssfuncs.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/rssfuncs.php b/include/rssfuncs.php index 2b13f9457..0b1d06564 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -238,8 +238,10 @@ _debug("update_rss_feed: unable to fetch: $fetch_last_error"); } + $error_escaped = db_escape_string($fetch_last_error); + db_query($link, - "UPDATE ttrss_feeds SET last_error = '$fetch_last_error', + "UPDATE ttrss_feeds SET last_error = '$error_escaped', last_updated = NOW() WHERE id = '$feed'"); return;